  1. Gatmyer's Avatar
    I found this interesting.

    Web Security Analysis of 12 BlackBerry 10 Applications | FileArchiveHaven

    A very good read on some apps which have good and bad Security. Also goes into why they are secure or not secure.

    Thanks to the !Geeks United BBM channel for the link.

    C00122408

    Posted via CB10
    02-09-15 06:51 AM
  2. tinochiko's Avatar
    Yes very interesting

    Check Out TechCraze
    Gatmyer likes this.
    02-09-15 07:03 AM
  3. Gatmyer's Avatar
    Yes very interesting

    Check Out TechCraze
    Thanks.

    Following them now as well.

    Posted via CB10
    02-09-15 07:06 AM
  4. RedxD's Avatar
    Requesting lots of ads in the background living your battery and using up your data, lovely lol

    Posted via CB10
    02-09-15 07:14 AM
  5. jonduran86's Avatar
    And here we go...
    Gatmyer likes this.
    02-09-15 07:38 AM
  6. LoganSix's Avatar
    Developers should be more careful about how they handle user data.

    Posted from my Red Passport
    KKrusher likes this.
    02-09-15 08:09 AM
  7. anon1727506's Avatar
    A lot of "Apps For" on this list... which is the same for most any platform, and one of the big reasons that many today avoid "Apps For Apps". Thankfully we at least have the unofficial options for getting many of the original apps so we don't have to use these.
    02-09-15 08:27 AM
  8. Bla1ze's Avatar
    A lot of "Apps For" on this list... which is the same for most any platform, and one of the big reasons that many today avoid "Apps For Apps". Thankfully we at least have the unofficial options for getting many of the original apps so we don't have to use these.
    Actually, the App for Apps, are likely among the safest because they're all just app generator apps lol. Of course, they're utterly useless but they're safer than pretty much anything else as you know it's just going to some stupid blog site anyway. The 'developers' (using the term loosely) behind those can't inject any outside code really.
    02-09-15 08:28 AM
  9. f0xG3's Avatar
    I'm more interested in the difference between iGrann and Insta10

    How come iGrann could perform IG stuff internally almost cleanly compared to Insta10? Is it because the former doesn't use any form of spoofing (it can directly utilize IG API's??) or third party advertisements whatsoever (making it effectively funded by actually buying the app?).

    While Insta10 basically uses a remote server to spoof say... an iOS or an Android client plus it uses third party advertisements as a source of funds? Though I would appreciate Nem has control over the connection between client and the AWS server to be at least encrypted and scrambled and then the connection sent to IG servers for handshake from the said server at least follows IG's security standards.

    I mean sure third party apps and all but at least the backend should tighten up a bit. We don't want to hear stories of snooping data within transits. I just find iGrann "cleaner" and it does the same job... just saying
    Anilu7 likes this.
    02-09-15 08:43 AM
  10. tinochiko's Avatar
    Actually, the App for Apps, are likely among the safest because they're all just app generator apps lol. Of course, they're utterly useless but they're safer than pretty much anything else as you know it's just going to some stupid blog site anyway. The 'developers' (using the term loosely) behind those can't inject any outside code really.
    I don't think that user meant apps that are named 'apps for' I think he was referring to the fact that some of the apps listed in the article are third party apps (the original meaning of 'apps for xxxx') however I don't think this article speaks against third party apps in general, it's just highlighting that as users (and in particular BlackBerry users) we need to be aware of exactly what apps are doing with the data we freely give them, as the article states, there are legitimate uses, and less so... what we don't want is a developer taking advantage of the lack of a native app and not just charging users for its use, but then going on to data mine (not referring to any in particular)

    For me all this means just developers being more open and transparent about their apps..



    Check Out TechCraze
    KKrusher, Gatmyer and anon1727506 like this.
    02-09-15 08:44 AM
  11. RedxD's Avatar
    I'm more interested in the difference between iGrann and Insta10

    How come iGrann could perform IG stuff internally almost cleanly compared to Insta10? Is it because the former doesn't use any form of spoofing (it can directly utilize IG API's??) or third party advertisements whatsoever (making it effectively funded by actually buying the app?).

    While Insta10 basically uses a remote server to spoof say... an iOS or an Android client plus it uses third party advertisements as a source of funds? Though I would appreciate Nem has control over the connection between client and the AWS server to be at least encrypted and scrambled and then the connection sent to IG servers for handshake from the said server at least follows IG's security standards.

    I mean sure third party apps and all but at least the backend should tighten up a bit. We don't want to hear stories of snooping data within transits. I just find iGrann "cleaner" and it does the same job... just saying
    They both use the Instagram API (unofficial one, the official one is read-only) but looks like igrann doesn't do shady stuff in the background while insta10 does, igrann only accesses Instagram's servers so I guess that's why it's cleaner

    Posted via CB10
    02-09-15 08:46 AM
  12. tinochiko's Avatar
    A lot of "Apps For" on this list... which is the same for most any platform, and one of the big reasons that many today avoid "Apps For Apps". Thankfully we at least have the unofficial options for getting many of the original apps so we don't have to use these.
    On the other hand for those who want a native experience and for a developer who has the skills to provide them, shouldn't be denied, but there should be better communication between the two, this is a widespread issue there was an article I read before that suggested it had to do with the fact that developers are typically not good with anything relating to the app apart from coding (i.e. communicating with customers, ethical considerations etc.) obviously a generalisation but it's clear from the thread article that something isn't right

    Check Out TechCraze
    02-09-15 08:48 AM
  13. anon1727506's Avatar
    I don't think that user meant apps that are named 'apps for' I think he was referring to the fact that some of the apps listed in the article are third party apps (the original meaning of 'apps for xxxx') however I don't think this article speaks against third party apps in general, it's just highlighting that as users (and in particular BlackBerry users) we need to be aware of exactly what apps are doing with the data we freely give them, as the article states, there are legitimate uses, and less so... what we don't want is a developer taking advantage of the lack of a native app and not just charging users for its use, but then going on to data mine (not referring to any in particular)

    For me all this means just developers being more open and transparent about their apps..



    Check Out TechCraze
    Yes thanks for clarifying....

    Basically I think we all have to understand that our DATA is very valuable to developers and advertisers, so we have to be careful of what apps we use.... and this requires that we trust where the apps are distributed from (3rd party app stores, random download from some forum, or official app store) and who the developer of the App is (big company with a lot of eyes on it or a small unknown developer).
    Uzi and KKrusher like this.
    02-09-15 08:54 AM
  14. Bla1ze's Avatar
    I don't think that user meant apps that are named 'apps for' I think he was referring to the fact that some of the apps listed in the article are third party apps (the original meaning of 'apps for xxxx') however I don't think this article speaks against third party apps in general, it's just highlighting that as users (and in particular BlackBerry users) we need to be aware of exactly what apps are doing with the data we freely give them, as the article states, there are legitimate uses, and less so... what we don't want is a developer taking advantage of the lack of a native app and not just charging users for its use, but then going on to data mine (not referring to any in particular)

    For me all this means just developers being more open and transparent about their apps..



    Check Out TechCraze

    Word. I gotcha. Sorry for the confusion Scalemaster.
    tinochiko and anon1727506 like this.
    02-09-15 08:55 AM
  15. Bla1ze's Avatar
    Edit #2: I’ve been asked about the actual logs. Tomorrow I will cleanup the fiddler logs (no private data for you hack types) and release the logs in the morning. The source code and decompiled binaries I can’t share obviously, you are on your own to get those. But I’ll do up a little article with it so that anyone can see what data is being sent just by using a simple proxy like Fiddler. I’ll also share some of the http strings being assembled by the Kelly class and why this one server poses a huge risk to users.

    ^^ Waiting for this.
    LazyEvul and f0xG3 like this.
    02-09-15 08:56 AM
  16. MobileMadness002's Avatar
    I agree on the article, very interesting to read.
    02-09-15 09:01 AM
  17. senel's Avatar
    Interesting article, basically summarizes what was written about Nemory's apps in other thread here on CB.

    Posted via CB10
    02-09-15 09:05 AM
  18. Nemory Studios's Avatar
    My Response to the (Web Security Analysis Of 12 BlackBerry 10 Applications) article

    Nemory Studios: Response - Web Security Analysis Of 12 BlackBerry 10 Applications
    SubCamp and Gatmyer like this.
    02-09-15 09:19 AM
  19. anon1727506's Avatar
    My Response to the (Web Security Analysis Of 12 BlackBerry 10 Applications) article

    Nemory Studios: Response - Web Security Analysis Of 12 BlackBerry 10 Applications
    Thanks for your response...

    But saying it's BlackBerry's fault or Snap Chat's fault doesn't change the fact that your Apps are getting poor ratings by a Security Analysis and that users' data is vulnerable. Heck the original apps might not be rated all that high if they were on the platform, but they aren't.

    But we all have to understand that developers have to make money... nothing is really free.
    KKrusher and Anilu7 like this.
    02-09-15 09:32 AM
  20. f0xG3's Avatar
    IMHO if the actual connections themselves are not HTTPS then it's probably really that messed up on the part of the SDK's. Though there must be something that could be encapsulated and encrypted to make the design a bit more sensible.

    Also, since this got out, might as well tell potential users that you are collecting data for Ads as a disclaimer (somehow you have to make a living). Of course paid users shouldn't be collected in the first place

    Don't take this badly though but I'm sure some guys here are pretty edgy regarding being spied on and whatnot. People would be kinder if transparency is involved.
    02-09-15 09:32 AM
  21. AnimalPak200's Avatar
    Lol... why didn't they just title it: don't use Nemory Studios apps?


    Kinda shady to pull ads and run them in the background though. That alone sets a pretty high level of suspicion for the rest of the app calls.

    Posted via CB10
    CarbonKevin likes this.
    02-09-15 09:34 AM
  22. Nemory Studios's Avatar
    Lol... why didn't they just title it: don't use Nemory Studios apps?


    Kinda shady to pull ads and run them in the background though. That alone sets a pretty high level of suspicion for the rest of the app calls.

    Posted via CB10
    the ads traffic are of Smaato.... not mine,

    BlackBerry advertised it, created a webcast for us, recommended it to use it.

    And it's not only my apps that use it. There are thousands.

    Also flurry
    02-09-15 09:47 AM
  23. AnimalPak200's Avatar
    the ads traffic are of Smaato.... not mine,

    BlackBerry advertised it, created a webcast for us, recommended it to use it.

    And it's not only my apps that use it. There are thousands.

    Also flurry
    Just read your response: http://nemorystudios.blogspot.com/20...of-12.html?m=1

    Hope you can clear it all up and can continue to work on apps. All part of a learning process I suppose.

    Posted via CB10
    Gatmyer likes this.
    02-09-15 09:50 AM
  24. nah.uhh's Avatar
    the ads traffic are of Smaato.... not mine,

    BlackBerry advertised it, created a webcast for us, recommended it to use it.

    And it's not only my apps that use it. There are thousands.

    Also flurry
    THIS is why I question BlackBerry "security".
    Posted this before but here we go again.
    Bb10 permission control doesn't have any user prompts etc for INTERNET.

    I've been saying since the playbook, native bb10 apps are only as safe as the developer. Stealing information is easy for bb10 developers and even android developers now on bb10.

    Bbos Internet permission could be set to prompt on every connection (you could set rules to what websites it could connect to)

    None of these issues would be issues if users knew what connections were being made.
    On first run on the app, Bbos would have told me that the app is trying to make http connections to servers I don't recognize.. and I wouldn't have granted the permission.

    Edit: my post is about BlackBerry, not nem or any other developer.

    PassportSQW100-1/10.3.1.2243
    02-09-15 09:56 AM
  25. LoganSix's Avatar
    the ads traffic are of Smaato.... not mine,

    BlackBerry advertised it, created a webcast for us, recommended it to use it.

    And it's not only my apps that use it. There are thousands.

    Also flurry
    Can you clarify what you just posted? Are you acknowledging that you are running ads in the background of your apps and are claiming that is how it is supposed to work because BlackBerry suggested the ad service?
    02-09-15 09:59 AM